Fix the error handling (#3342)

* Fix the error handling

* Update package/src/index.ts

Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>

* Fix the build errors

* Fix error message

---------

Co-authored-by: amazon-q-developer[bot] <208079219+amazon-q-developer[bot]@users.noreply.github.com>

Author: poad

package/.swcrc

@@ -14,7 +14,7 @@
   "module": {
     "type": "es6"
   },
-  "sourceMaps": true,
+  "sourceMaps": false,
   "exclude": [
     "tests",
     ".*.test.ts$",

package/esm/index.d.ts

@@ -23,4 +23,3 @@ declare const jwtGenCore: {
     token: typeof token;
 };
 export default jwtGenCore;
-//# sourceMappingURL=index.d.ts.map

package/esm/index.d.ts.map

@@ -31,17 +31,28 @@ const payload = (issuerId, duration)=>({
  * @param duration 
  * @returns 
  */ export async function token(privateKey, issuerId, privateKeyId, duration = 500) {
-    const key = await importPKCS8(privateKey.toString(), 'ES256');
-    return new SignJWT(payload(issuerId, duration)).setProtectedHeader({
-        alg: 'ES256',
-        kid: privateKeyId
-    }).sign(key);
+    try {
+        const key = await importPKCS8(privateKey.toString(), 'ES256');
+        return new SignJWT(payload(issuerId, duration)).setProtectedHeader({
+            alg: 'ES256',
+            kid: privateKeyId
+        }).sign(key);
+    } catch (error) {
+        if (error instanceof Error) {
+            // Use predefined error messages to avoid information leakage
+            if (error.message.includes('PKCS8')) {
+                throw new Error('JWT token generation failed: Invalid key format');
+            } else if (error.message.includes('sign')) {
+                throw new Error('JWT token generation failed: Signing operation failed');
+            }
+            throw new Error('JWT token generation failed: Internal error');
+        }
+        throw new Error('JWT token generation failed: Unknown error occurred');
+    }
 }
 const jwtGenCore = {
     tokenSync,
     token
 };
 export default jwtGenCore;
 
-
-//# sourceMappingURL=index.js.map

package/esm/index.js

@@ -51,10 +51,23 @@ export async function token(
   privateKeyId: string,
   duration = 500,
 ): Promise<string> {
-  const key = await importPKCS8(privateKey.toString(), 'ES256');
-  return new SignJWT(payload(issuerId, duration))
-    .setProtectedHeader({ alg: 'ES256', kid: privateKeyId })
-    .sign(key);
+  try {
+    const key = await importPKCS8(privateKey.toString(), 'ES256');
+    return new SignJWT(payload(issuerId, duration))
+      .setProtectedHeader({ alg: 'ES256', kid: privateKeyId })
+      .sign(key);
+  } catch (error) {
+    if (error instanceof Error) {
+      // Use predefined error messages to avoid information leakage
+      if (error.message.includes('PKCS8')) {
+        throw new Error('JWT token generation failed: Invalid key format');
+      } else if (error.message.includes('sign')) {
+        throw new Error('JWT token generation failed: Signing operation failed');
+      }
+      throw new Error('JWT token generation failed: Internal error');
+    }
+    throw new Error('JWT token generation failed: Unknown error occurred');
+  }
 };
 
 const jwtGenCore = {

package/esm/index.js.map

@@ -9,8 +9,8 @@
     "outDir": "./@types",
     "moduleResolution": "bundler",
     "declaration": true,
-    "declarationMap": true,
-    "sourceMap": true,
+    "declarationMap": false,
+    "sourceMap": false,
     "strict": true,
     "noImplicitAny": true,
     "esModuleInterop": true,

package/src/index.ts

@@ -9,8 +9,8 @@
     "moduleResolution": "bundler",
     "declaration": true,
     "declarationDir": "./esm",
-    "declarationMap": true,
-    "sourceMap": true,
+    "declarationMap": false,
+    "sourceMap": false,
     "strict": true,
     "noImplicitAny": true,
     "esModuleInterop": true,